Warning: This is the most dangerous tool I've personally ever seen!!! It writes to your partitions without checking.. you could accidentally write a text file to the partition!!!
I created a tool specifically for downgrading. I have to be away 1 to 4 weeks and then I will continue progress. It is my goal to downgrade to Android 5.01, take root, then upgrade to Nougat with full root. Some ideas are to flash OJ1 files using this tool then reflash them again with Odin. You may have to shrink the system.img and flash cache.img last, if at all. Another idea is to get twrp from a Note 5 BOTA0 and BOTA1 along with RECOVERY partitions then flash them to the device.. risky would be an understatement but I've tested writing to a lot of other partitions already.. just not those.
I'm so tired right now.. it works and I will make it better but I need sleep.. (see the readme on github)
https://github.com/droidvoider/Android_6.01__DD_Dcow
IGNORE THE REMAINING POSTS THEY ARE OUTDATED... I am rushing to finish this tonight because I won't have time for 1 to 4 weeks. Please post issues I will address them.
droidvoider said:
when you flash the correct one your phone will text AT&T a coded message
Can you please rephrase this? Is there any way for us to intercept or interfere with such a message?
Anonymously_Unknown said:
Can you please rephrase this? Is there any way for us to intercept or interfere with such a message?
You can avoid it by flashing your entire firmware again. I haven't tried to avoid the message I just end up flashing the entire firmware back when my attempts fail.
edit
New method, tested several times now and no more unwanted texts during testing. (probably great info to clear the data trail of hack attempts on frp lock bypass, usually a modem file "I think?")
**** Please be advised I've never attempted a frp bypass nor do I flash incorrect firmware, only previous but correct versions! still dangerous.
BEFORE flashing back the correct modem firmware...
<under application manager "more+show system apps">
1. Clear data MESSAGES
2. Remove permissions MESSAGES
3. Clear data OMACP
4. Flash back modem file and repeat steps 1 through 3 for good measure. Install Google Messenger, now Android Messenger..
Ok I have dirtycow working with PK1. I can patch things like /system/bin/run-as and also /data/tmp/local/* .... However if I try to patch /data/data/app-name/textfile my phone reboots. (not that i need to patch anything there) At this point I don't even know if there are any other PK1 AT&T Note 5 guys left besides me!! So this is just a short snippet 'how to' get dirtycow working on this version. If you need more help speak up.
(I bet you can take this kernel into the next few versions but I'm not upgrading to find out.. logcat has some more errors than usual but nothing major, I broke the security update thing it looks like)
You don't have to use heimdall! ~ I made odin flashable tar.md5 files for this process a few posts down with a bunch of *****asterisk***** so I can find that post myself, laugh. Detailed inside is how I made them which is detailed on this forum very well.
=========> Flash boot.img from N920AUCS3CPJ1 firmware version into your Note 5 with this baseband version: N920AUCS4CPK1 <=============
1. Download heimdall from github and look at the readme under Linux. Near the bottom of the readme follow the instructions including installing the 4 main dependencies.
2. You can use heimdall in the terminal or open a terminal and type: heimdall-frontend for a graphical user interface.
3. REBOOT UBUNTU! In some rare cases we do reboot Ubuntu.
4. Download the files I linked below which are the .pit file for version PK1 and the boot.img from version PJ1.
5. Select 'flash tab' and then browse for .pit file.. Click Add button, then select BOOT.
6. Browse for the boot.img we downloaded then click flash.. Good luck, hope you don't brick!!! so far I'm good but it's been 3 hours only.
PK1 .pit file and PJ1 boot.img file to be used with heimdall for Ubuntu 16.10
https://mega.nz/#!KwlQTSDZ!N-SItLDERCOIE-hFENNQoH3g8SQMDgpa-RajolQhe5Q
Edited in Notes:
logcat clears up after a few minutes and the errors completely stop. I'm not even planning to flash it back to normal!
Is the linked PJ1 boot.img, the stock boot.img extracted from the PJ1 AP file for ODIN?
In my experience with downgrading my device, I can downgrade my build by flashing only the AP file of my chosen build firmware. But the AP file's boot.img containing the kernel must be loadable by the installed bootloader (sboot.bin). I cannot flash thus far an sboot.bin to my device from a firmware based on a binary 2 bootloader. I have a binary 3 lollipop bootloader I can flash to downgrade my system. After doing this it allows me to overwrite it with a binary 2 sboot, but I wasn't able to get the tether root to fully reboot without a wipe first. Then I must start back at 3BPH4 and then re-downgrade to attempt a pull again. It's long. And requires 2 stages of flashing, per attempt.
The problem I have is how do I get ODIN to stop instantly denying my chosen file to flash. What check am I not bypassing or getting correct? How do I find the correct checksum or value to edit or spoof to force a mostly official-ish tar? There should be a way somewhere to intercept the communications between the phone, pc, download mode and the modem.
Delgoth said:
Is the linked PJ1 boot.img, the stock boot.img extracted from the PJ1 AP file for ODIN?
Yes it is the stock boot.img from a copy of the PJ1 firmware I found from this site somewhere.
Delgoth said:
In my experience with downgrading my device, I can downgrade my build by flashing only the AP file of my chosen build firmware. But the AP file's boot.img containing the kernel must be loadable by the installed bootloader (sboot.bin).
I don't have PJ1 sboot.bin because the copies online all have an error in the BL tar.md5. When I read your post I decided to try flashing in recovery.img, it accepted it! In my recovery screen now it reads PJ1, in my About screen it reads PK1. I am starting to think I can keep flashing in PK1 stuff until it might let me flash the rest. I would love to find a N920AUCS3CPJ1 with a valid BL_N920AUCS3CPJ1_CL8961126_QB11173364_REV00_user_low_ship.tar.md5 file. (I can try this with PH4 but then I have to setup the phone again so I'd rather wait until I crash it again lol)
Delgoth said:
The problem I have is how do I get ODIN to stop instantly denying my chosen file to flash. What check am I not bypassing or getting correct? How do I find the correct checksum or value to edit or spoof to force a mostly official-ish tar? There should be a way somewhere to intercept the communications between the phone, pc, download mode and the modem.
I've seen my recovery.img files getting denied by Odin before, however, I just cleanly flashed in recovery from PJ1 using heimdall. Again, if I am not being clear: I extract the .img files from the tar.md5, then I use the .pit file from PK1 and that .img file in "heimdall" for Ubuntu 16.10
I'm starting to think we can weasel down because PJ1 is binary 3, PK1 is binary 4. (edited.. wrong, you can flash boot.img, recovery.img, userdata.img and cm.bin, modem.bin crashes modem)
Battery drain less than 1% in 8 hours of screen off time!!
Disabling the AT&T apps with my simple exploit (now with its own CVE code and everything) I had great results finally getting back into the 6% battery drain in 8 hours of sleep. Then I discovered if I disabled almost all of Google Play except Google Play itself and video watching stuff I was at approximately 2% drain in 8 hours.
Simply flashing in the previous version boot.img and recovery.img made my battery drain with screen off almost 0!!!! I do have to deal with AT&T Software Update has stopped when I boot, or when I disconnect/reconnect my network. This includes if I lose signal. But it is just an OK message and the phone keeps working even if you don't press OK.
Attached you will see my battery screen showing basically no loss from 2:10am to 10:08am. (edit just realized it says 98% now but it's because I was looking at it and screen capping)
If anyone is interested in a partial downgrade to allow the use of dirtycow here are my files. This was tested to downgrade the N920AUCS4CPK1 kernel to the N920AUCS3CPJ1 kernel by flashing boot.img and recovery.img of the previous baseband. (Oddly allowed? sw rev check fail doesn't apply to these files).. You can also use the userdata.img file which is not well tested, but I'm now using that also.
These are Odin flashable tar.md5 files after you unzip them. I HAVE NOT tested these in Odin EXCEPT the 1st option, boot.img and recovery.img only.
1. N920AUCS3CPJ1 boot.img and recovery.img to be flashed on top of an already installed/working Note5 w/ N920AUCS4CPK1 installation.
https://mega.nz/#!nwFUVQaC!R3inD-QNEfLKmLGnVnMuAHG10WaMzvivdNn5samhSkA
2. N920AUCS3CPJ1 boot.img and recovery.img with N920AUCS4CPK1 system.img and userdata.img .. (This is for a full setup, use this AP file instead of PK1 AP file)
https://mega.nz/#!XsdxAR7D!RrmYvOgDYdt72MDsV7OmpW-eM5gHqSQu7clwrOIdSQk
3. This is the experimental AP file replacement. N920AUCS3CPJ1 boot.img, recovery.img and userdata.img with N920AUCS4CPK1 system.img. (CAUTION: untested)
https://mega.nz/#!e0ESUZBT!QbLR9Ew0-DFsOpte2wN-wCeRRfWQEATjyKlmuSn8hP8
Note: How I created them is detailed in the zip file.
(Downgrade isn't too likely at the moment I have no earthly idea how I would get rid of sboot.bin "the locked bootloader". The rest of my efforts are just root while preserving knox container)
**********************************************************************************************
*********************************SEARCH FOR ROOT*****************************************
**********************************************************************************************
****************Note 5 64 bit hacking tools. Readme has links to sources*******************
**********************************************************************************************
No root yet, just the beginning tools right now. (find a way to do something? please share this community needs it!)
Added: dirtycow, applypatch, app_process64, run-as and cowroot (run-as and cowroot don't work, even if cowroot worked it would crash in 20 seconds)
https://mega.nz/#F!wQVggApJ!Zv5wojVW5kiFi2crDDu02g
****************************************************************************************************************************************
Warning: The Note 5 is cool in a way to hack because most things you do will be undone when you reboot. I've altered things in / and /system/bin multiple times without any lasting effects! If you do modify things concerning knox permanently she won't boot. If you install a priv-app twice to make it stop you can also crash the phone out when playing around with knox. (referring to my little trick, see my thread on it. You reinstall a system/priv-app using adb install -rtsd <apk-name-you-adb-pulled-from /system/priv-app/> <=== oddly allowed.) On another note patching certain things with dirtycow in /data will cause a sudden reboot.
If you patch app_process64 your phone will go dark, things that are important stop working. I personally do not want my phone in this state for long so I plan out things to try then get out quickly. I have disabler going, but I am not experiencing any cause for concern such as overheating, mass battery draw or odd screen handling, besides it going darker with app_process.
Super dangerous, expensive game; be sure you want to play, the entry fee is high. And backup your data, you may never see this phone working again.
Project stopped, someone else can take over without giving credit. Please don't give credit, I don't want my name on this. The tools on my github will be left up and I will help you compile any idea, but officially I don't need to downgrade, and I wanna buy an unlocked phone.
I designed a tool for the purpose of downgrading that I won't have time to test completely, but does work. It allows you to pull every partition from your device that you can see and also write those same partitions back!! This does include BOTA0, BOTA1, BOOT, RECOVERY, SYSTEM. you name it!!
back soon guys, be careful with it.. pulling seems safest if you are new, yeah? have fun!
https://github.com/droidvoider/Android_6.01__DD_Dcow
N920C?
So, this deals with a post I already made here. I've tried patching the modem.bin file with the modem.img.p patch that came with the MDL update. When flashing the patched modem to the device, the baseband version still hasn't updated to MDL. crawrj mentioned that the MDM partition seems to have write protection on it, but I never got an error in heimdall saying that the partition couldn't be written to. In fact, the modem flashed just fine.
I've already got a custom kernel loaded, and KNOXAgent files removed, so I'd rather not have to downgrade to MDC in order to update to MDL. Also, patching the files went perfectly. No errors, and the file was the size that it was expected to be after patching. So, I'm not exactly sure what's going on with this.
This isn't the only file I would like to patch manually and update myself. I'm really questioning whether certain partitions on the device have write protection enabled for some reason, and how the write protection could be disabled so that the files can be flashed manually.
Anyone that could shed some light on this situation, it would be greatly appreciated. Thought about baking some ROMs, but it's impossible to have a custom kernel without having KNOXAgent removed or SEAndroid frozen. So being able to patch these files manually for future updates is a must.
Thanks in advance, guys.
RogueSly said:
So, this deals with a post I already made here. I've tried patching the modem.bin file with the modem.img.p patch that came with the MDL update. When flashing the patched modem to the device, the baseband version still hasn't updated to MDL. crawrj mentioned that the MDM partition seems to have write protection on it, but I never got an error in heimdall saying that the partition couldn't be written to. In fact, the modem flashed just fine.
I've already got a custom kernel loaded, and KNOXAgent files removed, so I'd rather not have to downgrade to MDC in order to update to MDL. Also, patching the files went perfectly. No errors, and the file was the size that it was expected to be after patching. So, I'm not exactly sure what's going on with this.
This isn't the only file I would like to patch manually and update myself. I'm really questioning whether certain partitions on the device have write protection enabled for some reason, and how the write protection could be disabled so that the files can be flashed manually.
Anyone that could shed some light on this situation, it would be greatly appreciated. Thought about baking some ROMs, but it's impossible to have a custom kernel without having KNOXAgent removed or SEAndroid frozen. So being able to patch these files manually for future updates is a must.
Thanks in advance, guys.
I've run into the same issue. Yes, there is some write protection in place.
What I've also tried so far is dumping the MDL mdm and NON_HLOS modem image files directly from an untouched unrooted MDL updated system (other than recovery), then creating a tar.md5 file for use with Odin. This gave a secure check failed when trying to flash the modem.bin.
I also tried to use recovery to flash the files. No luck here either, it acts much like the low level HTC Radio_config Write protection in that it allows the flash, and even indicates that it was successful, but really it's just writing to a buffer and then checking it later (either on a reboot or whatever) and then since it fails some check, it discards it and uses the original partition.
I verified this by dd'ing the partition before and after the flash in the same recovery session. The partition does indeed change, but after the reboot, it reverts to the original image. Thus... no change.
I'm no expert on these, but from the way this seems, we need a way to install a modified bootloader or somehow set the "WRITE PROTECT: Enabled" to disabled on the bootloader/download screen to allow changes to certain partitions. (Modem and Non-HLOS being the only two that I think are the problem children right now)
What I haven't tried yet that COULD POSSIBLY work is adapting Dan's method of LOKI patching files and using a special command of aboot to flash them. (At least that's how it looks like it works based on a brief skim of the source code)
We'd have to figure out if our aboot is compatible with his method. We'd also need to find the location of the memory addresses and whatnot of where this special command exists in our aboot/memory.
But again, I don't know enough about it to make even an educated guess as to whether or not that would work at all...
Oh, and if Loki cannot be used for Modem patching/flashing, I'd bet the other variants of the device are also going to face the same problems as ours when trying to update modem/non-hlos partitions.
To add to the above post, I also tried using the apply_patch(...) bits from the OTA Update.zip's updater-script file and pulled the corresponding patch files and put them all into an update.zip to patch the partitions, which again said it was successful and of course reverted after rebooting.
Unknownforce said:
Oh, and if Loki cannot be used for Modem patching/flashing, I'd bet the other variants of the device are also going to face the same problems as ours when trying to update modem/non-hlos partitions.
To add to the above post, I also tried using the apply_patch(...) bits from the OTA Update.zip's updater-script file and pulled the corresponding patch files and put them all into an update.zip to patch the partitions, which again said it was successful and of course reverted after rebooting.
Ugh. Shoot me. -_-
I'll see if I can't try to figure out something on it. Probably spend some time on it tomorrow.
If anyone has any more tips, that'd be awesome.
If it wasn't clear, it's not just the apnhlos/mdm partitions that are affected. The list of write-protected partitions during the MDL upgrade that I observe are:
mmcblk0p1: apnhlos
mmcblk0p2: mdm
mmcblk0p4: sbl2
mmcblk0p5: sbl3
mmcblk0p6: aboot
mmcblk0p7: rpm
mmcblk0p8: tz
Unknownforce said:
which again said it was successful and of course reverted after rebooting.
Just to make it clear to folks, the partition contents aren't reverting in a strict sense, the writes don't happen at all.
When write-protection is enabled, writes to the eMMC are silently dropped. Linux believes the writes are successful, and so keeps the updated contents in the page cache, which it then serves on subsequent read requests. Of course, when the device is rebooted, the contents of the page cache are lost.
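The post above explains why a dd-before-and-after check inside one session looks like success: the second read is served from the page cache. The following Python script is an added example (not code from this thread) that automates that check but evicts the cached pages before re-reading, so a silently dropped write is visible without a reboot. It uses the Linux BLKFLSBUF ioctl where it is permitted (block device, root) and falls back to POSIX_FADV_DONTNEED; the paths used by demo() are constructed temporary files standing in for a partition, and the "dropped write" case is simulated by restoring the old bytes behind the function's back.

```python
"""Detect a flash that only landed in the page cache (added example, not from the thread)."""
import fcntl
import hashlib
import os
import tempfile

BLKFLSBUF = 0x1261  # Linux ioctl number: flush a block device's buffer cache (needs CAP_SYS_ADMIN)


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def evict_cache(fd: int) -> str:
    """Best-effort eviction of this file's pages from the page cache; returns the method used.

    BLKFLSBUF only works on block devices and needs root; POSIX_FADV_DONTNEED drops
    clean pages of any file without privileges (tmpfs-backed files are not droppable).
    """
    try:
        fcntl.ioctl(fd, BLKFLSBUF)
        return "BLKFLSBUF"
    except OSError:
        pass
    if hasattr(os, "posix_fadvise"):
        os.posix_fadvise(fd, 0, 0, os.POSIX_FADV_DONTNEED)
        return "POSIX_FADV_DONTNEED"
    return "none"


def write_image(device: str, image: bytes) -> int:
    """Write image at offset 0 of device and fsync it; returns the number of bytes written."""
    with open(device, "r+b", buffering=0) as dev:
        view, total = memoryview(image), 0
        while total < len(image):            # raw FileIO may write partially
            total += dev.write(view[total:])
        os.fsync(dev.fileno())
    return total


def verify_image(device: str, image: bytes) -> dict:
    """Evict cached pages, re-read len(image) bytes from offset 0 and compare hashes."""
    with open(device, "rb", buffering=0) as dev:
        method = evict_cache(dev.fileno())
        chunks, remaining = [], len(image)
        while remaining:
            chunk = dev.read(remaining)
            if not chunk:
                break
            chunks.append(chunk)
            remaining -= len(chunk)
    readback = b"".join(chunks)
    return {
        "expected": sha256_of(image),
        "actual": sha256_of(readback),
        "persisted": readback == image,   # False here is the write-protection signature
        "eviction": method,
    }


def demo(simulate_dropped_write: bool = False) -> dict:
    """Run the check against constructed temporary files standing in for a partition."""
    original, new_image = b"OLD" * 1024, b"NEW" * 1024
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(original)
        device = tmp.name
    try:
        write_image(device, new_image)
        if simulate_dropped_write:
            # Mimic write-protected storage: the new bytes never reached the medium.
            with open(device, "wb") as dev:
                dev.write(original)
        return verify_image(device, new_image)
    finally:
        os.unlink(device)


if __name__ == "__main__":
    print("normal write:", demo())
    print("dropped write:", demo(simulate_dropped_write=True))
```

On a real device run it as root so BLKFLSBUF is honoured; the reboot-and-compare test the thread describes remains the ground truth, this only gives the answer earlier.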
This has been solved with Unknownforce's thread, found here.
I wonder whether there is help for someone who thought he knew how to flash a kernel but apparently is deluded. I have the original Nexus 7 Wi-Fi tablet, Android version 4.3, build number JWR66V. The system still wants to update me to 4.3 because I ripped some files out of the cache directory to prevent OTA updates. I have both fastboot and adb. I have read the stickies about flashing.
The phone is rooted and the bootloader is unlocked. I use TWRP custom recovery, and it's a good thing, because I solidly bricked myself up just trying to get my lollipop. I know there are tools to root a Nexus 7 even with stock lollipop, so I thought I'd upgrade my phone to stock lollipop and then use one of those methods. I tried both the stock lollipop kernel and the one provided by Chainfire, which I understand is rooted already. (I'm assuming upgrading to lollipop will lose me my root, unless I want to recover back to 4.3.)
I tried to do these things a couple of different ways. When I tried fastboot, I got the message "error: neither -p product specified nor ANDROID_PRODUCT_OUT set". There was a YouTube video suggesting how to deal with this error message. I'm pretty sure I followed the instructions but no go. (I was using the "flash all" command.) This was after I had put the file containing lollipop in the directory, both zipped and unzipped (so that I had an .img file instead of a zip file). I tried using both the zip file with all of the lollipop partitions and the system image file individually. No go. I also had a message that android-info.txt could not be found, even though it was in the same, working directory.
I could be wrong but I don't think you can install a complete updated kernel from a file on the device. I think that works only with update.zip.
I'm still thinking fastboot is my best bet, but there are dependencies apparently and I don't know what files to include in its directory. Then, am I wise to go to stock and then root, or should I simply flash the stock kernel already rooted? I assume that's what Chainfire is providing, correct?
I notice neither the official lollipop ROM nor Chainfire's supposedly-rooted image has any file named nakasi. I have only .img files, no .zip files.
I found a dozen sets of instructions on how to flash a kernel but something I need is missing from all of them. Does anyone know what it is or can anyone offer some helpful advice?
Thank you,
Leon M.
Hi all, I posted this in the 6P bootloop thread, but didn't get a response. As that is a pretty LONG thread, I'm thinking my question may have gotten lost in the jumble.
Quick run down.
A few months back my 6P started the BLOD. I found the fix listed on these pages, applied it, and have been happily using my phone ever since. Phone is bone stock 7.1.2 other than the TWRP recovery and the modified EX kernel for 4 cores.
Since the fix, my phone FINALLY got the OTA update to go to Android 8.0 and I obviously want to get it done. My concern is HOW to do this without causing more headache.
Can anyone point me in the right direction? Should I use the OTA update or download the factory image from Google?
I've got some knowledge as I used to be into the "rooting" scene back in the day, but haven't for a while, so I feel a little lost.
Thanks for any help.
johnnyphive said:
Hi all, I posted this in the 6P bootloop thread, but didn't get a response. As that is a pretty LONG thread, I'm thinking my question may have gotten lost in the jumble.
Quick run down.
A few months back my 6P started the BLOD. I found the fix listed on these pages, applied it, and have been happily using my phone ever since. Phone is bone stock 7.1.2 other than the TWRP recovery and the modified EX kernel for 4 cores.
Since the fix, my phone FINALLY got the OTA update to go to Android 8.0 and I obviously want to get it done. My concern is HOW to do this without causing more headache.
Can anyone point me in the right direction? Should I use the OTA update or download the factory image from Google?
I've got some knowledge as I used to be into the "rooting" scene back in the day, but haven't for a while, so I feel a little lost.
Thanks for any help.
Well, for starters do NOT take the OTA. It will either fail or boot loop your phone. Due to the fact you have a modified boot.img you will need to update manually using fastboot with the full image. Re-apply the modified kernel after you finish updating the partitions, but BEFORE booting the first time. You can follow most guides on how to manually update a full image using fastboot, just add the step of flashing the modified kernel before booting.
Thanks for the reply and the help. If I could ask for a little more help, as this is my only phone.
Can you explain the difference between the modified boot.img and the modified kernel?
If I download the factory image from here (https://developers.google.com/android/images) is it OK to get the latest one (Nov 2017) or do I need to get the original one (Sep 2017 as I'm on Fi)?
Once I flash the factory image, is it going to replace the modified boot image as well as the modified kernel?
Following the OP on this thread (https://forum.xda-developers.com/nexus-6p/general/guide-fix-nexus-6p-bootloop-death-blod-t3640279), in the downloads section there appear to be 2 files I would need, the "Boot.img from stock 6.17, 8.0 firmware" and "EX kernel version 5.03". Am I understanding that correctly?
Like I said, this is my only phone, and I'm probably just being overly paranoid about bricking it, but any clarification would be greatly appreciated.
johnnyphive said:
Thanks for the reply and the help. If I could ask for a little more help, as this is my only phone.
Can you explain the difference between the modified boot.img and the modified kernel?
If I download the factory image from here (https://developers.google.com/android/images) is it OK to get the latest one (Nov 2017) or do I need to get the original one (Sep 2017 as I'm on Fi)?
Once I flash the factory image, is it going to replace the modified boot image as well as the modified kernel?
Following the OP on this thread (https://forum.xda-developers.com/nexus-6p/general/guide-fix-nexus-6p-bootloop-death-blod-t3640279), in the downloads section there appear to be 2 files I would need, the "Boot.img from stock 6.17, 8.0 firmware" and "EX kernel version 5.03". Am I understanding that correctly?
Like I said, this is my only phone, and I'm probably just being overly paranoid about bricking it, but any clarification would be greatly appreciated.
Use the latest November image. The boot.img contains the kernel and ramdisk, critical files necessary to load the device before the filesystem can be mounted. When you flash the new boot.img contained in the Google image, it will overwrite the patched kernel. You then need to re-patch it by installing EX kernel before booting. EX writes to (modifies) the stock boot.img. There are also pre-modified boot.img files floating around. You will probably get more detailed help in the dedicated thread. Learning to flash manually (or remember how) is not really a big deal and a necessary skill for modding (and for getting yourself out of trouble). Good luck. :good:
v12xke said:
Use the latest November image. The boot.img contains the kernel and ramdisk, critical files necessary to load the device before the filesystem can be mounted. When you flash the new boot.img contained in the Google image, it will overwrite the patched kernel. You then need to re-patch it by installing EX kernel before booting. EX writes to (modifies) the stock boot.img. There are also pre-modified boot.img files floating around. You will probably get more detailed help in the dedicated thread. Learning to flash manually (or remember how) is not really a big deal and a necessary skill for modding (and for getting yourself out of trouble). Good luck. :good:
Ok, so 1 last time (sorry)
1 - Download the latest 8.0.0 factory image from Google (this contains the bootloader, radio, and partitions (.zip)).
2 - Get the phone to fastboot and apply the above 3 new images
3 - Before rebooting, flash oreo4core (new, modified boot.img), TWRP recovery.img
4 - Reboot to recovery (TWRP) and apply the modified EX kernel
5 - Reboot and (hopefully) profit
Am I missing anything, or doing anything that isn't needed?
johnnyphive said:
Ok, so 1 last time (sorry)
1 - Download the latest 8.0.0 factory image from Google (this contains the bootloader, radio, and partitions (.zip)).
2 - Get the phone to fastboot and apply the above 3 new images
3 - Before rebooting, flash oreo4core (new, modified boot.img), TWRP recovery.img
4 - Reboot to recovery (TWRP) and apply the modified EX kernel
5 - Reboot and (hopefully) profit
Am I missing anything, or doing anything that isn't needed?
<<Disclaimer: I don't use the 4 core kernel, so I don't know if it comes with installer script or someone has just modified the latest boot.img>> Unzip the "partitions" zip you refer to and extract those image files to the same folder as bootloader and modem. For example, you can keep TWRP recovery if you don't flash the recovery.img. That is how you preserve your custom recovery. So in other words you'll now have a folder (your ADB folder?) with 5 image files.... bootloader, radio, boot, system, and vendor all in one folder. <<Note: it is my understanding you just substitute the latest oreo4core file (should be boot.img?) If this is true, copy that file into your ADB folder and let it overwrite the stock boot.img. Stop. Copy over flash-all.bat, change the *.bat extension to *.txt and open in notepad. You will see (and can copy/paste) the fastboot commands to get you started with bootloader and radio. Then flash the last 3 (boot, system, vendor). At this point you can reboot into the OS. Since you substituted the oreo4core boot.img file for the stock boot.img there is no need to use TWRP to flash anything. That and since you skipped flashing the recovery.img, TWRP is still there.
v12xke said:
<<Disclaimer: I don't use the 4 core kernel, so I don't know if it comes with installer script or someone has just modified the latest boot.img>> Unzip the "partitions" zip you refer to and extract those image files to the same folder as bootloader and modem. For example, you can keep TWRP recovery if you don't flash the recovery.img. That is how you preserve your custom recovery. So in other words you'll now have a folder (your ADB folder?) with 5 image files.... bootloader, radio, boot, system, and vendor all in one folder. <<Note: it is my understanding you just substitute the latest oreo4core file (should be boot.img?) If this is true, copy that file into your ADB folder and let it overwrite the stock boot.img. Stop. Copy over flash-all.bat, change the *.bat extension to *.txt and open in notepad. You will see (and can copy/paste) the fastboot commands to get you started with bootloader and radio. Then flash the last 3 (boot, system, vendor). At this point you can reboot into the OS. Since you substituted the oreo4core boot.img file for the stock boot.img there is no need to use TWRP to flash anything. That and since you skipped flashing the recovery.img, TWRP is still there.
Thanks for the help! Everything seems to be up and running. I know you said you don't use the "4 cores" (I can only assume you're either on a different phone or yours isn't affected by the BLOD), but do you know if I still need to apply the EX kernel update, or know of a way to tell if it's already been applied?
Thanks again for all the help. I was pretty much in the right direction, but being as how I'd been away from it for a while, I wanted some backup.
johnnyphive said:
Thanks for the help! Everything seems to be up and running. I know you said you don't use the "4 cores" (I can only assume you're either on a different phone or yours isn't affected by the BLOD), but do you know if I still need to apply the EX kernel update, or know of a way to tell if it's already been applied? Thanks again for all the help. I was pretty much in the right direction, but being as how I'd been away from it for a while, I wanted some backup.
I don't think you can flash EX kernel from now on. I think you have to use a modded boot.img that will contain his kernel/ramdisk. This is my guess. You really should be getting your information in the dedicated thread where everyone is actually installing and using it. Google "oreo 4 core" and you will find the XDA thread is the first hit. Good luck. :good:
So, since once a month I find myself having to click a bunch of links and read how to do a bunch of commands, I wanted to create a thread that (rather generically) explains how to manually flash the OTA monthly updates if you're rooted with Magisk. So, minimally, here's a thread for me to review every month... if it helps you all out, all the better!
Pre-requisites:
Download Latest OTA zip file from Google.
Obtain the STOCK boot.img (required) and dtbo.img (optional) of the System ROM you are currently running. This can be done if you already have the full System Image file downloaded, downloading it currently, or just obtaining the stock boot and dtbo image files elsewhere. (NOTE: This can be skipped if you successfully uninstall Magisk BEFORE you start the process and choose to restore the Stock images in the uninstall process.)
Download Latest Magisk Zip file
Download latest TWRP recovery image
If applicable, have latest USB drivers, adb/fastboot/ files etc.
Preparation:
1) Extract or open the Full Image file and locate the boot.img and dtbo.img files. You will want these on your PC in the platform-tools folder (I usually put the Month name at the beginning, ex. - Jan_boot.img). Again, you can skip if you successfully uninstall Magisk prior to all of this.
2) Copy your OTA zip file to the platform-tools folder, again naming it after the month helps (ex. - Feb_Pixel2XL_OTA.zip)
3) Put your TWRP recovery in platform-tools folder.
4) Place the latest Magisk zip on your Pixel's internal storage (what used to be the SDCard on phones so equipped).
Commands:
1) From PC, open command prompt and change directory to your platform-tools folder.
2) If your phone is on, run "adb reboot bootloader". If powered off, press power and Vol Down button to get to Bootloader. Plug your phone into your PC.
3) [If Magisk is not uninstalled first] Command: fastboot flash boot {Name_of_boot.img File}
4) [If Magisk is not uninstalled first] Command: fastboot flash dtbo {Name_of_dtbo.img File}
5) On your phone, hit Vol Down until you see Recovery, then press power button.
6) Once in recovery mode, press power and Vol Up to bring up the menu.
7) Scroll to item: "Apply update from ADB" and press power
8) Command: adb sideload {Name_of_OTA.zip file}
9) After the OTA finishes flashing, exit recovery back into the Bootloader
10) Command: fastboot boot {twrp_filename.img}
11) Install Magisk Zip file (and any other Zip files you want installed... Kernels, etc.) within TWRP
Then after flashing your zip files, reboot to system and you should be all set.
I believe everything above is correct, but if I've made a glaring mistake, please let me know. I also realize there may be other methods to this madness, but this is what works for me.
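The command sequence from the post above, wrapped in a POSIX shell script as an added example (this is not the OP's script). It assumes platform-tools on PATH, a SHA-256 for the OTA zip copied from Google's download page (the hash in the usage comment is a placeholder), and that FASTBOOT/ADB can be pointed at echo for a dry run on the PC; the checksum check before sideloading is the one thing it adds to the steps above.

```shell
#!/bin/sh
# Added example, not the OP's script: wraps the OP's command sequence for a
# Magisk-rooted Pixel taking a monthly OTA through "adb sideload".
# Assumptions (not from the original post): platform-tools on PATH, a SHA-256
# for the OTA zip copied from Google's download page, and FASTBOOT/ADB
# overridable (e.g. FASTBOOT=echo ADB=echo) for a dry run on the PC.
set -eu

FASTBOOT="${FASTBOOT:-fastboot}"
ADB="${ADB:-adb}"

# verify_ota FILE EXPECTED_SHA256: returns 0 only if FILE exists and hashes to
# EXPECTED_SHA256. A truncated or altered download is refused before it is
# ever sent to the phone, which is cheaper than a bootloop afterwards.
verify_ota() {
  file="$1"; expected="$2"
  [ -f "$file" ] || { echo "verify_ota: missing $file" >&2; return 1; }
  actual=$(sha256sum "$file" | cut -d' ' -f1)
  [ "$actual" = "$expected" ] || {
    echo "verify_ota: checksum mismatch for $file" >&2; return 1; }
}

# restore_stock BOOT_IMG [DTBO_IMG]: OP steps 3-4. Only needed when Magisk was
# not uninstalled first, because the OTA installer expects the stock boot image.
restore_stock() {
  "$FASTBOOT" flash boot "$1"
  [ -z "${2:-}" ] || "$FASTBOOT" flash dtbo "$2"
}

# sideload_ota OTA_ZIP: OP step 8, run after "Apply update from ADB" is selected.
sideload_ota() {
  "$ADB" sideload "$1"
}

# boot_twrp TWRP_IMG: OP step 10. "fastboot boot" runs TWRP from RAM without
# flashing it, so the stock recovery the next OTA needs is left untouched.
boot_twrp() {
  "$FASTBOOT" boot "$1"
}

# run_update OTA_ZIP SHA256 BOOT_IMG [DTBO_IMG] [TWRP_IMG]
# Pauses where the OP's steps 5-7 and 9 need button presses on the phone;
# press Enter once the phone is in the required mode.
run_update() {
  ota="$1"; sum="$2"; boot="$3"; dtbo="${4:-}"; twrp="${5:-}"
  verify_ota "$ota" "$sum"
  "$ADB" reboot bootloader                 # OP step 2
  restore_stock "$boot" "$dtbo"            # OP steps 3-4
  printf 'Select Recovery, then "Apply update from ADB"; press Enter: '
  read -r _
  sideload_ota "$ota"                      # OP step 8
  printf 'Back in the Bootloader? Press Enter: '
  read -r _
  [ -z "$twrp" ] || boot_twrp "$twrp"      # OP step 10; flash Magisk in TWRP
}

# Usage (placeholder hash, replace with the one published for your OTA):
#   sh ota.sh Feb_Pixel2XL_OTA.zip <sha256-from-google> Jan_boot.img Jan_dtbo.img twrp.img
[ "$#" -lt 3 ] || run_update "$@"
```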
With this method do you have to worry about removing your password from your phone before you try to go into twrp?
uofirob said:
With this method do you have to worry about removing your password from your phone before you try to go into twrp?
Yes. Mine is set to pin, which I had to put in and it let me finish.
Sweet. I'll give this method a try tonight!
WorldOfJohnboy said:
Yes. Mine is set to pin, which I had to put in and it let me finish.
Thank you for this. Just to be clear, in step 2 under prerequisites you say more on this later. Then in step 1 for preparation you prefix your boot and dtbo with Jan xx.img. I get what you're saying, but for the newer noobs they may get confused. Maybe reword to say, extract or open the factory image you're currently using or the previous month's image. Obviously you do this first so that you can sideload the OTA. I don't mean any disrespect.
I believe you also need to remove the -w from the end of the .bat file after you extract the OTA; otherwise, all of your data will be wiped.
But great job of getting all this info in one place!
So I did this, and now I'm bootlooping. I guess I'll re-flash the Jan factory image and wait a little longer... **UPDATE** I fixed the bootloop by re-trying the process again (after re-verifying the MD5 hash on the update.zip). I rebooted after installing the update, but before the TWRP flash to install Magisk. Maybe this allowed the "update" to finish processing. I also had to remove the PIN from my lock screen in order to allow me to get into TWRP. After rebooting into the system and removing the PIN, I ran adb reboot bootloader and then flashed TWRP. Thanks for the guide!
---------- Post added at 07:58 AM ---------- Previous post was at 07:50 AM ----------
PuffDaddy_d said:
I believe you also need to remove the -w from the end of the .bat file after you extract the OTA; otherwise, all of your data will be wiped.
But great job of getting all this info in one place!
You don't need to remove the -w from the .bat file since you aren't using it at all to do the update. That is only if you're flashing your factory image.
Fe Mike said:
Thank you for this. Just to be clear, in step 2 under prerequisites you say more on this later. Then in step 1 for preparation you prefix your boot and dtbo with Jan xx.img. I get what you're saying, but for the newer noobs they may get confused. Maybe reword to say, extract or open the factory image you're currently using or the previous month's image. Obviously you do this first so that you can sideload the OTA. I don't mean any disrespect.
I changed some wording under prerequisite...
I agree with everything on this guide...
just teasing...
I'm actually glad you created this thread... I wanted to create one also and try and help out as much as I could, but I don't have the cahones and didn't think I had enough experience to start a "guide" thread :silly:
I mean no disrespect, but this seems awful complicated compared to just flashing the full image with the (-w) removed. Especially since you're downloading it anyway. I do that, then boot the TWRP image and flash the TWRP zip. Reboot into recovery and flash kernel and Magisk and reboot system. Again I'm asking for clarity, not dumping on you. Great write up btw!
CyberpodS2 said:
I mean no disrespect, but this seems awful complicated compared to just flashing the full image with the (-w) removed. Especially since you're downloading it anyway. I do that, then boot the TWRP image and flash the TWRP zip. Reboot into recovery and flash kernel and Magisk and reboot system. Again I'm asking for clarity, not dumping on you. Great write up btw!
Well...I can't speak for the OP, but I wrote my extremely similar identical one because, for whatever reason, many users would choose OTAs over flashing full factory images. I/me & you understand the benefits of the factory images over the OTAs; especially understanding the process you must go through to install the OTAs as-of-current is almost the same as flashing the factory images anyways...
But if I were to give a possible explanation for their reasoning, it is that, like many of them, I come from a non-Google phone (S5 for me), and OTA's were simpler, took less bandwidth (which still remains true today), were significantly simpler to install vs. factory images, and with a lot of popular phones you only flash factory images to recover your phone; i.e. muniz_ri's OTA's for the S5 and FlashFire were loads simpler than flashing a whole factory image. But, again, understanding the difference for Pixel 2 and Oreo's OTA & factory images (or the small difference thereof), it's probably better to do a few extra steps and/or downloads to do the whole image than sideloading an OTA.
In the end, this is for people who insist for OTA updates most likely because that's how they are familiar (and therefore more comfortable) with; whether it being explained to them or not...
Cheers!:good:
Fair enough, thanks for the input!
CyberpodS2 said:
I mean no disrespect, but this seems awful complicated compared to just flashing the full image with the (-w) removed. Especially since you're downloading it anyway. I do that, then boot the TWRP image and flash the TWRP zip. Reboot into recovery and flash kernel and Magisk and reboot system. Again I'm asking for clarity, not dumping on you. Great write up btw!
It may seem awful complicated, but to be honest, to me it is less complicated than having to edit a script file (which, if you forget to do, will lose all of your data). Also, though the steps I wrote out seem like a lot more, if you were to write out a process using the full image, it actually works out to be almost the same number of steps.
Lastly, as someone else hinted at, the OTA file size is smaller. The only full image you need is what you are currently running (which in most cases I have on my phone in case the sh__ hits the fan with my phone), not the new full image. (To be even more precise, you only need the boot.img and dtbo.img from the full image file--there may be places to get just those two files out there.)
As I put in the last sentence, I realize there are other methods to this madness, this is basically what works for me. I wanted to get it in writing so I wouldn't forget this down the road, and if it helps anyone here, just icing on the cake. Clearly I'm no Dev and not forcing anyone to perform the updates this way!
WorldOfJohnboy said:
It may seem awful complicated, but to be honest, to me it is less complicated than having to edit a script file (which, if you forget to do, will lose all of your data). Also, though the steps I wrote out seem like a lot more, if you were to write out a process using the full image, it actually works out to be almost the same number of steps.
Lastly, as someone else hinted at, the OTA file size is smaller. The only full image you need is what you are currently running (which in most cases I have on my phone in case the sh__ hits the fan with my phone), not the new full image. (To be even more precise, you only need the boot.img and dtbo.img from the full image file--there may be places to get just those two files out there.)
As I put in the last sentence, I realize there are other methods to this madness, this is basically what works for me. I wanted to get it in writing so I wouldn't forget this down the road, and if it helps anyone here, just icing on the cake. Clearly I'm no Dev and not forcing anyone to perform the updates this way!
Hey bud, wonder if I could pick your brain just a little. When doing monthly Google updates, are most of their proprietary files located in the boot, dtbo, and vendor images?? Your posts have intrigued me a little, and are very well written BTW. My reasoning is this. On my old 6P, about all we needed to do was flash the new vendor, and of course the bootloader and radio if there were any worthwhile improvements. Would the same possibly apply to the P2XL?? I'm just wondering because, now that we're starting to see custom ROMs, if this would be a viable option, and simplify the updating process. Thanks again for your great write up.
Badger50 said:
Hey bud, wonder if I could pick your brain just a little. When doing monthly Google updates, are most of their proprietary files located in the boot, dtbo, and vendor images?? Your posts have intrigued me a little, and are very well written BTW. My reasoning is this. On my old 6P, about all we needed to do was flash the new vendor, and of course the bootloader and radio if there were any worthwhile improvements. Would the same possibly apply to the P2XL?? I'm just wondering because, now that we're starting to see custom ROMs, if this would be a viable option, and simplify the updating process. Thanks again for your great write up.
I'll be perfectly honest with you, I haven't taken a dive to see what is in the OTA files and would imagine that it varies depending on the monthly updates.... that said, the only reason why I have stated to re-flash the stock boot.img is because if you are rooted with Magisk, it takes the stock boot.img and modifies it. In order to take an OTA sideload, you need to be on stock boot.img and stock recovery. dtbo is only in my process because there was one time when I tried to sideload and my dtbo wasn't stock (or corrupt). You may not need to flash the stock dtbo.img, but it doesn't hurt to do so.
WorldOfJohnboy said:
I'll be perfectly honest with you, I haven't taken a dive to see what is in the OTA files and would imagine that it varies depending on the monthly updates.... that said, the only reason why I have stated to re-flash the stock boot.img is because if you are rooted with Magisk, it takes the stock boot.img and modifies it. In order to take an OTA sideload, you need to be on stock boot.img and stock recovery. dtbo is only in my process because there was one time when I tried to sideload and my dtbo wasn't stock (or corrupt). You may not need to flash the stock dtbo.img, but it doesn't hurt to do so.
I'm really happy to see our device has graduated to this level of discussion, instead of the random guessing and 14 different "possible" routes to a solution. Lol
Custom ROMs abound; once TWRP gets squared away and someone masters the art of turning monthly updates into zip installs we'll pretty much be there!
Btw OP, great write up... Clear and precise!
I do not understand the purpose for downloading the full system image and then flashing only the OTA zip - what am I missing? There is a widely distributed method for performing monthly OTA updates by uninstalling Magisk, updating OTA normally, then flashing Magisk again - seems much simpler, any reason why it would not work?
Brenneke said:
I do not understand the purpose for downloading the full system image and then flashing only the OTA zip - what am I missing? There is a widely distributed method for performing monthly OTA updates by uninstalling Magisk, updating OTA normally, then flashing Magisk again - seems much simpler, any reason why it would not work?
Downloading the full system image is not required. You only need the Stock versions of boot.img (required) and dtbo.img (optional) of the ROM version your phone is currently running. I actually keep a full system image on my phone in case something goes awry.
I'm going to update the OP to more clearly state that you only need the stock boot.img file--how you obtain it is up to you. Uninstalling Magisk will do the same exact thing, however I tried to do that a couple of months ago and it created more issues for me than if I had just flashed the stock boot.img in the first place.
WorldOfJohnboy said:
Downloading the full system image is not required. You only need the Stock versions of boot.img (required) and dtbo.img (optional) of the ROM version your phone is currently running. I actually keep a full system image on my phone in case something goes awry.
I'm going to update the OP to more clearly state that you only need the stock boot.img file--how you obtain it is up to you. Uninstalling Magisk will do the same exact thing, however I tried to do that a couple of months ago and it created more issues for me than if I had just flashed the stock boot.img in the first place.
I have not tried the uninstall Magisk method but plan to do so at next update. What kind of issues did it create for you?
Thanks.
Brenneke said:
I have not tried the uninstall Magisk method but plan to do so at next update. What kind of issues did it create for you?
Thanks.
For some reason, I don't think it restored the correct (or not corrupted) boot.img version. Then, there were remnants of the Magisk APK and other files so I ended up having to do a full TiBu of my apps and flashed (with wipe) a full System image. It may have been something I did or just my bad luck, but I prefer not to chance it and instead manually flash the Stock image as my "guide" here states.
Hi guys,
Sorry if it is a silly question but I have been trying to get the information with no results.
I have a Samsung Galaxy S10+ SM G975F... It is binary 15 and when I use Odin, I can get a newer binary than 14... I want to downgrade from Android 12 to 11... The battery drain is insane now...
Odin always says that the binary is incorrect and can't flash any different ROM.
Any ideas or suggestions? Can I install a custom Rom at least?
Thanks and I hope you can help me.
Downgrading Samsung phones is pretty much impossible without unlocking the bootloader, some funky playing around (manually flashing system, boot, and probably way more) and a TON of luck. I could help you better with an older Android version as I don't have much experience with Android 9 or newer.
Arash2803 said:
Hi guys,
Sorry if it is a silly question but I have been trying to get the information with no results.
I have a Samsung Galaxy S10+ SM G975F... It is binary 15 and when I use Odin, I can get a newer binary than 14... I want to downgrade from Android 12 to 11... The battery drain is insane now...
Odin always says that the binary is incorrect and can't flash any different ROM.
Any ideas or suggestions? Can I install a custom Rom at least?
Thanks and I hope you can help me.
Bump, same question: my device is 16 and the binary I want to install is 14? Help
No, you CAN'T downgrade the binary, but you can try to make a ROM with an older version of Android; expect bugs and a lot of issues due to the bootloader.
I got an S10+ "G975FXXUFHVE1", I can't downgrade. Also I'm new to this whole stuff, I really need help.
Ch_ali134 said:
I got an S10+ "G975FXXUFHVE1", I can't downgrade. Also I'm new to this whole stuff, I really need help.
Same boat here... S10+
I'm on G975FXXUGHVJ5 (Android 12), so locked to bin 16. Wanted to go back to G975FXXSEFUL1 (Android 11) so I could use my GearVR again, but that is bin 14... Backporting GearVR is out of the question... So I'm left with a feature downgraded p.o.s., and this was the last model to support GearVR...
Pandoriaantje said:
Same boat here... S10+
I'm on G975FXXUGHVJ5 (Android 12), so locked to bin 16. Wanted to go back to G975FXXSEFUL1 (Android 11) so I could use my GearVR again, but that is bin 14... Backporting GearVR is out of the question... So I'm left with a feature downgraded p.o.s., and this was the last model to support GearVR...
From what I've read, it's mainly download mode/Odin that does the check and blocks the downgrade. But what about converting an official Samsung update to a flashable TWRP/recovery zip? I already have a fully Magisk rooted stock Android 12 ROM, I just want to downgrade the system to stock Android 11 (rooted) for GearVR. I don't think actually loading the kernel/system is blocked at the bootloader level, right?
Maybe with a ROM kitchen it could be possible to convert to a flashable zip?
Pandoriaantje said:
From what I've read, it's mainly download mode/Odin that does the check and blocks the downgrade. But what about converting an official Samsung update to a flashable TWRP/recovery zip? I already have a fully Magisk rooted stock Android 12 ROM, I just want to downgrade the system to stock Android 11 (rooted) for GearVR. I don't think actually loading the kernel/system is blocked at the bootloader level, right?
Maybe with a ROM kitchen it could be possible to convert to a flashable zip?
It's only blocked when the bootloader is locked; you can just slap the files into an unsigned tar and it will flash fine with Odin (bootloader can't be downgraded though), but you will have to unlock the bootloader, and the binary version won't be downgraded, just ignored.
NigrumTredecim said:
It's only blocked when the bootloader is locked; you can just slap the files into an unsigned tar and it will flash fine with Odin (bootloader can't be downgraded though), but you will have to unlock the bootloader, and the binary version won't be downgraded, just ignored.
My bootloader is already unlocked. Haven't tried downgrading through ODIN, as this is my daily driver phone, but I'd love to get GearVR back. The phone is fully unlocked, with custom kernel, as per my signature... So (according to you) I should be able to downgrade to G975FXXSEFUL1 without error through ODIN? Despite everyone claiming it can't be done? (I realise that the bootloader binary can't be downgraded, but ODIN/Download mode checks everything. Bootloader, kernel, etc., no?)
What do you mean by "unsigned tar"?
Side question: what about the kernel? Could I reuse/reflash (from TWRP) my current kernel (Ambasadii HVJ5, Android 12), as it is pre-patched with the latest Magisk, on an older Android 11 ROM?
Pandoriaantje said:
My bootloader is already unlocked. Haven't tried downgrading through ODIN, as this is my daily driver phone, but I'd love to get GearVR back. The phone is fully unlocked, with custom kernel, as per my signature... So (according to you) I should be able to downgrade to G975FXXSEFUL1 without error through ODIN? Despite everyone claiming it can't be done? (I realise that the bootloader binary can't be downgraded, but ODIN/Download mode checks everything. Bootloader, kernel, etc., no?)
What do you mean by "unsigned tar"?
Side question: what about the kernel? Could I reuse/reflash (from TWRP) my current kernel (Ambasadii HVJ5, Android 12), as it is pre-patched with the latest Magisk, on an older Android 11 ROM?
Unpack the stock tar.md5 using 7zip or some tool and repack it into a normal .tar. To my knowledge Odin only checks the binary of original unmodified tar.md5 files like they come from Samsung (my newest Samsung is from 2017 so that may not be true anymore, but it should still be).
For the kernel question I don't really know, as I run Android 8 with a modded stock kernel.
NigrumTredecim said:
Unpack the stock tar.md5 using 7zip or some tool and repack it into a normal .tar. To my knowledge Odin only checks the binary of original unmodified tar.md5 files like they come from Samsung (my newest Samsung is from 2017 so that may not be true anymore, but it should still be).
For the kernel question I don't really know, as I run Android 8 with a modded stock kernel.
Any updates on this process? I would also give it a try if it works out.
crucknova said:
Any updates on this process? I would also give it a try if it works out.
Not really, my newest Samsung is an A5 2017 (where this process works fine),
but it should work; downside is that your bootloader needs to be unlocked as you build your own unsigned flash file.
EDIT: I can't get it to work anymore even though that's how I did it the first time; flashing using a custom recovery will work though, if that's an option for you.
QUICK TUTORIAL
1: download your desired stock firmware
2: extract AP****.tar.md5 (basically just a normal tar with signatures at the end; use 7zip or any other program you know)
3: repack boot.img system.img vendor.img (vendor.img may not be there depending on the android version) into an uncompressed tar (using 7zip or any other program)
4: flash said tar using odin
you could also manually flash the image files using Heimdall without repacking into a tar
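An integrity check for step 2 of the quick tutorial above, added here as an example and not the poster's own script: it verifies the MD5 line Samsung appends to an AP_*.tar.md5 against the archive bytes before anything is unpacked, then lists the partition images step 3 needs. The trailer layout (a plain tar followed by one "md5  filename" line) is my assumption about the format, as is the constructed archive used in the comments; a mismatch means a truncated or modified download, which is the reason to stop before repacking or flashing.

```shell
#!/bin/sh
# Added example, not the poster's script: checks a Samsung AP_*.tar.md5 before
# it is extracted (tutorial step 2) and lists the images wanted in step 3.
# Assumption (not stated on the page): a .tar.md5 is a plain tar archive with
# one text line "<md5 of the tar bytes>  <filename>\n" appended after it, and
# the archive's NUL-filled end-of-archive blocks sit right before that line.
set -eu

# md5_trailer FILE: prints the appended "hash  name" line. The tar data ends in
# NUL-filled blocks, so after dropping NULs from the tail the last line is the
# trailer (works for any trailer shorter than the 512 bytes read here).
md5_trailer() {
  tail -c 512 "$1" | tr -d '\000' | tail -n 1
}

# verify_tar_md5 FILE: returns 0 when the MD5 stored in the trailer matches the
# MD5 of every byte preceding it; 1 if FILE is truncated, modified, or carries
# no recognisable trailer.
verify_tar_md5() {
  file="$1"
  [ -f "$file" ] || { echo "verify_tar_md5: missing $file" >&2; return 1; }
  trailer=$(md5_trailer "$file")
  expected=${trailer%% *}                      # first field: 32 hex chars
  [ "${#expected}" -eq 32 ] || {
    echo "verify_tar_md5: no md5 trailer in $file" >&2; return 1; }
  nl=$(tail -c 1 "$file" | wc -l | tr -d ' ')   # 1 if trailer ends in newline
  trailer_len=$(( ${#trailer} + nl ))
  size=$(wc -c < "$file" | tr -d ' ')
  actual=$(head -c $(( size - trailer_len )) "$file" | md5sum | cut -d' ' -f1)
  [ "$actual" = "$expected" ] || {
    echo "verify_tar_md5: md5 mismatch, do not flash $file" >&2; return 1; }
}

# list_images FILE: names of the partition images inside the archive (boot.img,
# system.img, vendor.img; newer firmware ships them as *.img.lz4, which lz4 -d
# unpacks). tar stops at the end-of-archive blocks, so the trailer is ignored.
list_images() {
  tar -tf "$1" 2>/dev/null | grep -E '\.img(\.lz4)?$'
}

# Usage: sh check_ap.sh AP_<model>_<build>.tar.md5
#   verifies the trailer, then prints the images to repack or flash
if [ "$#" -eq 1 ]; then
  verify_tar_md5 "$1" && list_images "$1"
fi
```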
NigrumTredecim said:
Not really, my newest Samsung is an A5 2017 (where this process works fine),
but it should work; downside is that your bootloader needs to be unlocked as you build your own unsigned flash file.
QUICK TUTORIAL
1: download your desired stock firmware
2: extract AP****.tar.md5 (basically just a normal tar with signatures at the end; use 7zip or any other program you know)
3: repack boot.img system.img vendor.img (vendor.img may not be there depending on the android version) into an uncompressed tar (using 7zip or any other program)
4: flash said tar using odin
you could also manually flash the image files using Heimdall without repacking into a tar
Thanks for the reply and a quick tutorial
NigrumTredecim, I have an S10 Plus and an M30. I'm a bit hesitant on trying it on the S10 Plus, but I will try the process on the M30, as I need to downgrade it as well!
Can you give me a more detailed tutorial on the 3rd step, which includes repacking the boot.img, system.img, vendor.img? Should I delete everything except these 3 and repack, or what!
Thank you
Download lz4 https://github.com/lz4/lz4/releases and drag and drop your .img.lz4 files onto the exe to get the img files.
AAAAAAAAAAAAAAA I can't get it to work even though that's how I did it before already. Using a custom recovery to flash the images will definitely work, so that's an option for you that's easier: just unpack the .img.lz4 and skip the rest and flash using a custom recovery.
Just leaving the rest here in case somebody wants to find where I made the oopsie:
Select your files in 7zip and then click the green plus in the top left corner,
then pick tar in the format dropdown menu and then click ok to create the archive,
then open said tar with Odin.
NigrumTredecim said:
Download lz4 https://github.com/lz4/lz4/releases and drag and drop your .img.lz4 files onto the exe to get the img files.
AAAAAAAAAAAAAAA I can't get it to work even though that's how I did it before already. Using a custom recovery to flash the images will definitely work, so that's an option for you that's easier: just unpack the .img.lz4 and skip the rest and flash using a custom recovery.
Just leaving the rest here in case somebody wants to find where I made the oopsie:
Select your files in 7zip and then click the green plus in the top left corner,
then pick tar in the format dropdown menu and then click ok to create the archive,
then open said tar with Odin.
If I do a custom recovery, Knox would trip and I won't be able to use Samsung Pay, which I use a lot for payments. And thanks for your support dude.